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DETAILED ACTION 

1 . Claims 1-42 are pending for examination. 

2. Claims 1-42 are rejected. 

( 

Claim Rejections - 35 USC §102 
The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in pubhc use or on 
sale in this country, more than one year prior to the date of apphcation for patent in the United States. 

3. Claims 1-42 are rejected under 35 U,S,C. 102(b) as being anticipated by Raanan et al, 
U.S. Patent 6,311,278 Bl, 

4. As per claim 1 ; "A method of accessing devices on a private network via a client on a 
public network, the method comprising the following steps performed by a gateway on the 
private network [ABSTRACT, figure 1-2 and accompanying descriptions]: receiving a request 
from the client to access a Web server of a device on the private network, wherein the web server 
has an address that is valid on the private network but is not valid on the public network [col. 

1, lines 30-col. 10,line 18, whereas the use of a firewall/gateway network interface node clearly 
encompasses the aspect of the address translation between the 2 networks for the low level (i.e., 
physical layer NIC signature) addressing, such that the address spaces would be unique between 
the client (NIC) on the public network and the server (NIC) on the private network.]; redirecting 
the received client request to the Web server of the device on the private network [i.e., col. 
2,lines 49-59, col. 3,lines 65-col. 5,Hne 9, col 5,lines 29-60]; scrubbing a Web page served by 
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the Web server in response to the received client request, comprising replacing an address in the 
Web page that is not valid on the public network with an address that is valid on the public 
network [i.e., col 2,hnes 49-59, col. 3, lines 65-col. 5,line 9, col. 6,lines 1-28, coL 7,lines 45-col 
8,line 7]; and serving the scrubbed Web pace to the client [i.e., col 2,lines 49-59, coL 3, lines 65- 
coL 5,line 9]."; 

Further, as per claim 15; "A gateway system [This claim is the system mean plus function 
claim for the method claim 1 above, and is rejected for the same reasons provided for the claim 1 
rejection] that permits access to devices on a private network via a client on a public network, 
comprising: means for receiving a request from the client to access a Web server of a device on 
the private network, wherein the Web server has an address that is valid on the private network 
but is not valid on the public network; means for redirecting the received client to request to the 
Web server; means for scrubbing a Web page served by the Web server in response to the 
received client request, comprising means for replacing an address in the Web page that is not 
valid or the public network with an address that is valid on the public network; and means for 
serving the scrubbed Web page to the client/'; 

Further, as per claim 29; "A computer program product [This claim is the embodied 
software claim for the method claim 1 above, and is rejected for the same reasons provided for 
the claim 1 rejection] that permits access to devices on a private network via a client on a public 
network, the computer program product comprising a computer usable storage medium having 
computer readable program code embodied in the medium, the computer readable program code 
comprising: computer readable program code that receives a request from the client to access a 
Web server of a device on the private network, wherein the Web server has an address that is 
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valid on the private network but is not valid on the public network; computer readable program 
code that redirects the received client request to the Web server; computer readable program 
code that scrubs a Web page served by the Web server in response to the received client request, 
comprising computer readable Program code that replaces an address in the Web page that is not 
valid on the public network with an address that is valid on the public network; and computer 
readable program code that serves the scrubbed Web page to the client ". 

5. Claim 2 additionally recites the limitation that; "The method according to Claim 1, 
further comprising the following steps performed by the gateway prior to receiving a request 
from the client to access a Web server of the device: ascertaining rights of a user to access one or 
more devices on the private network; and serving a Web page to the client that identifies each 
device on the private network for which the user has access rights, wherein the Web page 
includes to a link to a Web server of each device on the private network for which the user has 
access rights.". The teachings of Raanan et al suggest such limitations (col. 1, lines 30-coL lOJine 
18, whereas the use of a firewall/gateway to determine authorized and allowable actions by the 
client (i.e., col. 2,lines 39-coL 3,line 23, col 4,Hnes 65-col. 5,line 29,61-67, col. 7,lines 19-25), 
are broadly interpreted to encompass the "ascertaining rights of a user to access one or more 
devices on the private network" limitation, and the extraction/robot module translation of 
addressing (i.e., URL, IP level addressing) protocol information (i.e., col. 3,lines 53-col. 4,line 
33, col 5,lines 60-col 6,line 59, col. 7,Iines 5-8, col. 8,Hnes 64-col 9,linel8) are broadly 
interpreted to encompass the "... includes to a link to a Web server of each device on the private 
network for which the user has access rights" limitation ); 
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Further, claim 16 additionally recites the limitation that; "The gateway system [This 

( 

claim is the system mean plus function claim for the method claim 2 above, and is rejected for 
the same reasons provided for the claim 2 rejection] according to Claim 15, further comprising: 
means for ascertaining rights of a user to access one or more devices on the private network; and 
5 means for serving a Web page to the client that dentifies each device on the private network for 
which the user has access rights, wherein the Web page includes a link to a Web server of each 
device on the private network for which the user has access rights "; 

Further, claim 30 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 2 above, and is rejected for the 
same reasons provided for the claim 2 rejection] according to claim 29, further comprising: 
computer readable program code that ascertains rights of a user to access one or more devices on 
the private network; and computer readable program code that serves a Web page to the client 
that identifies each device on the private network for which the user has access rights, wherein 
the Web page includes a link to a Web server of each device on the private network for which 
the user has access rights ". 

6, Claim 3 additionally recites the limitation that; "The method according to Claim 2, 
further comprising the step of accepting a user log-in request from the client prior to ascertaining 
rights of the user, wherein the user log-in request includes an identification of the user ". The 
teachings of Raanan et al suggest such limitations (col IJines 30-col. lO^line 18, whereas the use 
of a firewall/gateway to determine authorized and allowable actions by the client (i.e., col. 
2,lines 39-coL 3,line 23, col. 4,lines 65-col 5,hne 29,61-67, col. 7,lines 19-25), are broadly 
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interpreted to encompass the "accepting a user log-in request . : : prior to ascertaining rights of 
the user, . . . includes an identification of the user" hmitation.); 

Further, claim 17 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 3 above, and is rejected for 
the same reasons provided for the claim 3 rejection] according to Claim 16, further comprising 
means for accepting, a user log-in request from the client, wherein the user log- in request 
includes an identification of the user "; 

Further, claim 3 1 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 3 above, and is rejected for the 
same reasons provided for the claim 3 rejection] according to Claim 30, forther comprising 
computer readable program code that accepts a user log-in request from the cUent, wherein the 
user log-in request includes an identification of the user.", 

7. Claim 4 additionally recites the limitation that; "The method according to Claim 2, 
wherein each link to a Web sever includes a uniform resource Locator (URL) for the gateway 
that is valid on the public network and an identification of a gateway port that is mapped to a 
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway at an identified gateway port.". The teachings of Raanan et al suggest 
such hmitations (col. l,Hnes 30-col. 10,line 18, whereas the use of an extraction/robot module 
translation of addressing (i.e., URL, IP level addressing) protocol information (i.e., col. 3,lines 
53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines 5-8, col. 8,lines 64-coL 9,linel8) are 
broadly interpreted to encompass the "... (URL) for the gateway . . . valid on the public network 
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- identification , . . port . . . mapped to a respective Web server, . , , link is ... to send a request to 
a . . . Web server via the gateway at an identified gateway port" limitation, whereas the use if the 
Internet Web protocol data structures clearly encompasses port addressing (i.e., that's how 
applications are delineated from each other from a Internet network element perspective).); 

Further, claim 18 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 4 above, and is rejected for 
the same reasons provided for the claim 4 rejection] according to Claim 16, wherein each link to 
a Web server includes a uniform resource locator (URL) for the gateway system that is valid on 
the public network and an identification of a gateway system port that is nnapped to a respective 
Web server, and wherein each link is configured to send a request to a respective Web server via 
the gateway system at an identified gateway System port."; 

Further, claim 32 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 4 above, and is rejected for the 
same reasons provided for the claim 4 rejection] according to Claim 30, wherein each link to a 
Web server includes a uniform resource locator (URL) for a gateway on the private network that 
is valid on the public network and an identification of a gateway port that is mapped to a 
respective Web server, and wherein each Hnk is configured to send a request to a respective Web 
server yia the gateway at an identified gateway port.". 

8. Claim 5 additionally recites the Hmitation that; "The method according to Claim 1, 
wherein the scrubbing step comprises replacing an address in the Web page that is valid only on 
the private network with a URL for the gateway that is valid on the public network and an 
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identification of a gateway port that is mapped to the replaced address/'. The teachings of 
Raanan et al suggest such hmitations (coL 1, lines 30-coL 10,line 18, whereas the use of an 
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol 
information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines 5-8, col. 
8,lines 64-col. 9,linel8) are broadly interpreted to encompass the "replacing an address ...Web 
page valid . . . with a URL for the gateway . . . valid ... and an identification of a . . . port that is 
mapped to the replaced address." limitation, whereas the use if the Internet Web protocol data 
structures clearly encompasses port addressing (i.e., that's how applications are delineated from 
each other from a Internet network element perspective).); 

Further, claim 19 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 5 above, and is rejected for 
the same reasons provided for the claim 5 rejection] according to Claim 15, wherein the means 
for scrubbing a Web page comprises means for replacing an address in the Web page that is valid 
only on the private network with a URL for the gateway system that is valid on the public 
network and an identification of a gateway system port that is mapped to the replaced address."; 

Further, claim 33 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 5 above, and is rejected for the 
same reasons provided for the claim 5 rejection] according to Claim 29, wherein the computer 
readable program code that scrubs a Web page comprises computer readable program code that 
replaces an address in the Web page that is valid only on the private network with a URL for a 
gateway on the private network that is valid on the public network and an identification of a 
gateway port that is mapped to the replaced address.". 
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9. Claim 6 additionally recites the limitation that; "The method according to Claim 2, 
wherein the step of serving a Web page to the client comprises: scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports; mapping each 
identified Web server to a respective gateway port; and creating a Web page that contains a 
respective link to each gateway port for each device for which the to user has access rights.". The 
teachings of Raanan et al suggest such limitations (col. I, lines 30-col. 1 Online 18, whereas the use 
of a firewall/gateway to determine authorized and allowable actions by the client (i.e., col 
2,lines 39-col. 3,line 23, col. 4,lines 65-col. 5,line 29,61-67, col. 7,lines 19-25), are broadly 
interpreted to encompass the "mapping ... to a respective gateway port; . . . creating a Web page 

link to each gateway port . . . device for which the to user has access rights" limitation, and the 
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol 
information (i.e., col. 3,lines 53-col. 4,line 33, col 5,Unes 60-col. 6,line 59, col. 7,lines 5-8, col 
8,lines 64-col 9,linel8) are broadly interpreted to encompass the "scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports" limitation.); 

Further, claim 20 additionally recites the hmitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 6 above, and is rejected for 
the same reasons provided for the claim 6 rejection] according to Claim 16, wherein the means 
for serving a Web page to the client comprises: means for scanning a range of private network 
addresses to identify Web servers listening on one or more selected ports; means for mapping 
each identified Web server to a respective gateway system port; and means for creating a Web 
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pace that contains a to respective link to each gateway system port for each device for which the 
user has access rights 

Further, claim 34 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 6 above, and is rejected for the 
same reasons provided for the claim 6 rejection] according to Claim 30, wherein the computer 
readable program code that serves a Web page to the client comprises: computer readable 
program code that scans a range of private network addresses to identify Web servers listening 
on one or more selected ports; computer readable program code that maps each identified Web 
server to a respective port of a gateway on the private network; and to computer readable 
program code that creates a Web page that contains a respective link to each gateway port for 
each device for which the user has access rights 

10. As per claim 7; "A method of accessing devices on a private network via a client on a 
public network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the method comprising the following 
steps performed by a gateway on the private network: ascertaining rights of a user to access one 
or more devices on the private network; serving a Web page to the client that identifies each 
device on the private network for which the user has access rights, wherein the Web page 
includes a link to a Web server of each device on the private network for which the user has 
access rights; receiving a request from the client to access a Web server of a device on the 
private network in response to user activation of a link on the Web page; redirecting the received 
client request to the Web server; scrubbing a Web page served by the Web server in response to 
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the received client request, comprising removing links to Web servers of devices for which the 
user does not have access rights; and serving the scrubbed Web page to the client [This claim is 
the combination of claims 1,2 above, and is rejected for the same reasons provided for the claims 
1,2 rejection]."; 

Further, as per claim 21; "A gateway system [This claim is the system mean plus function 
claim for the method claim 7 above, and is rejected for the same reasons provided for the claim 7 
rejection] that permits access to devices on a private network via a client on a public network, 
wherein each device includes a Web server having an address that is valid on the private 
network, but is not valid on the public network, wherein the gateway system comprises: means 
for ascertaining rights of a user to access one or more devices on .he private network; means for 
serving a Web page to the client that identifies each device or the private network for which the 
user has access rights, wherein the Web page includes a link to a Web server of each device on 
the private network for which the user has access rights; means for receiving a request from the 
client to access a Web server of a device on the private network in response to user activation of 
a link on the Web page; means for redirecting the received client request to the Web server; 
means for scrubbing a Web page served by the Web server in response to the received client 
request, comprising means for removing links to Web servers of devices for which the user does 
not have access rights; and means for serving the scrubbed Web page to the client"; 

Further, as per claim 35; "A computer program product [This claim is the embodied 
software claim for the method claim 7 above, and is rejected for the same reasons provided for 
the claim 7 rejection] that permits access to devices on a private network via a client on a public 
network, wherein each device includes a Web server having an address that is valid on the 
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private network, but is not valid on the public network, the computer program product 
comprising a computer usable storage medium having computer readable program code 
embodied in the medium, the computer .readable program code comprising: to computer 
readable program code that ascertains rights of a user to access one or more devices on the 
private network; computer readable program code that serves a Web page to the client that 
identifies each device on the private network for which the user has access rights, wherein the 
Web page includes a link to a Web server of each device on the private network for which the 
user has access rights; computer readable program code that receives a request from the client to 
access a Web server of a device on the private network in response to user activation of a link on 
the Web page; computer readable program code that redirects the received client request to the 
Web server; computer readable program code that scrubs a Web page served by the Web server 
in response to the received client request, comprising computer readable program code that 
removes links to Web servers of devices for which the user does not have access rights; and 
computer readable program code that serves the scrubbed Web page to the client/'. 

1 1 . Claim 8 additionally recites the limitation that; "The method according to Claim 7, 
further comprising the step of accepting a user log-in request from the client prior to ascertaining 
rights of the user, wherein the user log-in request includes an identification of the user ". The 
teachings of Raanan et al suggest such limitations (coL l,lines 30-coL 10,line 18, whereas the use 
of a firewall/gateway to determine authorized and allowable actions by the client (i.e., col. 
2,lines 39-col. 3,Hne 23, coL 4,lines 65-coL 5,line 29,61-67, col. 7,lines 19-25X are broadly 



Application/Control Number: 09/874,802 Page 13 

Art Unit: 2136 

interpreted to encompass the "accepting a user log-in request . . ■ prior to ascertaining rights of 
the user, . . . includes an identification of the user" limitation.); 

Further, claim 22 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 8 above, and is rejected for 
the same reasons provided for the claim 8 rejection] according to Claim 21, further comprising 
means for accepting a user log-in request from the client; wherein the user log-in request 
includes an identification of the user "; 

Further, claim 36 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 8 above, and is rejected for the 
same reasons provided for the claim 8 rejection] according to Claim 35, further comprising 
computer readable program code that accepts a user log-in request from the client, wherein the 
user log-in request includes an identification of the user ", 

12. Claim 9 additionally recites the limitation that; "The method according to Claim 7, 
wherein the scrubbing step fiirther comprises replacing an address in the Web page that is not 
valid on the public network with an address that is valid on the public network.". The teachings 
of Raanan et al suggest such limitations (col 1, lines 30-col. 10,line 18, whereas the use of an 
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol 
information (i.e., col. 3,lines 53-col. 4,line 33, col. 5,lines 60-col. 6,line 59, col. 7,lines 5-8, col. 
8,lines 64-col. 9,linel8) are broadly interpreted to encompass the "replacing an address ...Web 
page ... valid ... with an address ... valid ..." Hmitation ); 
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Further, claim 23 additionally recites the limitation that; "The gateway system [This 
claim is the system niean plus function claim for the method claim 9 above, and is rejected for 
the same reasons provided for the claim 9 rejection] according to Claim 21, wherein the means 
for scrubbing a Web page further comprises means for replacing an address in the Web page that 
is not valid on the public network with an address that is valid on the public network."; 

Further, claim 37 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 9 above, and is rejected for the 
same reasons provided for the claim 9 rejection] according to claim 35, wherein the computer 
readable program code that scrubs a Web page further comprises computer readable program 
code that replaces an address in the Web page that is not valid on the public network with an 
address that is valid on the public network.". 

13. Claim 10 additionally recites the limitation that; "The method according to Claim 7, 
wherein each link to a Web server includes a uniform resource locator (URL) for the gateway 
that is valid on the public network and an identification of a gateway port that is mapped to a 
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway at an identified gateway port.". The teachings of Raanan et al suggest 
such limitations (coL 1, lines 30-col. 10,line 18, whereas the use of an extraction/robot module 
translation of addressing (i.e., URL, IP level addressing) protocol information (i.e., col 3, lines 
53-col. 4,line 33, col 5,lines 60-coL 6,line 59, col. 7,lines 5-8, col. 8,lines 64-coL 9,linel8) are 
broadly interpreted to encompass the ". .. (URL) for the gateway . . . valid on the public network 
. . identification . . . port . . . mapped to a respective Web server, . . . Unk is ... to send a request to 
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a . . . Web server via the gateway at an identified gateway port" limitation, whereas the use if the 
Internet Web protocol data structures clearly encompasses port addressing (i.e., that's how 
apphcations are dehneated from each other from a Internet network element perspective).); 

Further, claim 24 additionally recites the Umitation that; "The gateway system [This 
claim is the system mean plus fijnction claim for the method claim 10 above, and is rejected for 
the same reasons provided for the claim 10 rejection] according to Claim 21, wherein each link 
to a Web server includes a uniform resource locator (URL) for the gateway system that is valid 
on the public network and an identification of a gateway system port that is mapped to a 
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway system at an identified gateway system port "; 

Further, claim 38 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 10 above, and is rejected for the 
same reasons provided for the claim 10 rejection] according to Claim 35, wherein each link to a 
Web server includes a uniform resource locator (URL) for a gateway on the private network that 
is valid on to a public network and an identification of a gateway port that is mapped to a 
respective Web server, and wherein each link is configured to send a request to a respective Web 
server via the gateway at an identified gateway port.". 

14. Claim 1 1 additionally recites the limitation that; "The method according to Claim 7, 
wherein the step of serving a Web page to the client comprises: scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports; mapping each 
identified Web server to a respective gateway port; and creating a Web page that contains a 
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respective link to each gateway port for each device for which the to user has access rights.". The 
teachings of Raanan et al suggest such limitations (col. 1 Jines 30-coL 10,line 18, whereas the use 
of a firewall/gateway to determine authorized and allowable actions by the client (i.e., col 
2,lines 39-col. 3,line 23, col. 4,Iines 65-col. 5,Hne 29,61-67, col. 7,lines 19-25), are broadly 
interpreted to encompass the "mapping ... to a respective gateway port; , . . creating a Web page 
. . . link to each gateway port . . . device for which the to user has access rights" limitation, and the 
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol 
information (i.e., col. 3, lines 53-col. 4,line 33, col. 5, lines 60-col. 6,line 59, col. 7,Hnes 5-8, col. 
8,lines 64-col 9,linel8) are broadly interpreted to encompass the "scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports" limitation ); 

Further, claim 25 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 1 1 above, and is rejected for 
the same reasons provided for the claim 1 1 rejection] according to Claim 21, wherein the means 
for serving a Web page to the client comprises: means for scanning a range of private network 
addresses to identify Web servers listening on one or more selected ports; means for mapping 
each identified Web server to a respective gateway system port; and means for creating a Web 
page that contains a respective link to each gateway system port for each device for which the 
user has access rights "; 

Further, claim 39 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 1 1 above, and is rejected for the 
same reasons provided for the claim 1 1 rejection] according to Claim 35 wherein the computer 
readable program code that serves a Web page to the client comprises: computer readable 
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program code that scans a range of private network addresses to identify Web servers listening 
on one or more selected ports; computer readable program code that maps each identified Web 
server to a respective port of a gateway on the private network; and computer readable program 
code that creates a Web page that contains a respective link to each gateway port for each device 
for which the user has access rights ". 

15. As per claim 12; "A method of accessing devices on a private network via a client on a 
public network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the method comprising the following 
steps performed by a gateway on the private network: ascertaining rights of a user to access one 
or more devices or the private network; serving a Web page to the client that identifies each 
device on the private network for which the user has access rights, wherein the Web page 
includes a link to a Web server of each device on the private network for which the user has 
access rights, wherein each link to a Web server includes a uniform resource locator (URL) for 
the gateway that is valid on the public network and an identification of a gateway port that is 
mapped to a respective Web server, and wherein each link is configured to send a request to a 
respective Web server via the gateway at an identified gateway port; receiving a request fi-om the 
client to access a Web server of a device on the private network in response to user activation of 
a link on the Web page; redirecting the received client request to the Web server; scrubbing a 
Web page served by the Web server in response to the received client request, comprising: 
removing links to Web servers of devices for which the user does not have access rights; and 
replacing an address in the Web page that is not valid on the public network with an address that 
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is valid on the: public network; and serving the scrubbed Web pace to the client [This claim is 
the combination of claims 1,2,4 above, and is rejected for the same reasons provided for the 
claims 1,2,4 rejection]."; 

Further, as per claim 26; "A gateway system [This claim is the system mean plus function 
claim for the method claim 12 above, and is rejected for the same reasons provided for the claim 
12 rejection] that permits access to devices on a private network via a client on a public network, 
wherein each device includes a Web server having an address that is valid on the private 
network, but is not valid on the public network, wherein the gateway system comprises: means 
for ascertaining rights of a user to access one or more devices on the private network; means for 
serving a Web page to the client that to identifies each device on the private network for which 
the user has access rights, wherein the Web page includes a link to a Web server of each device 
on the private network for which the user has access rights, wherein each link to a Web server 
includes a uniform resource locator (URL) for the gateway system that is valid on the public 
network and an identification of a gateway system port that is mapped to a respective Web 
server, and wherein each link is configured to send a request to a respective Web server via the 
gateway system at an identified gateway system port; means for receiving a request from the 
client to access a Web server of a device on the private network in response to user activation of 
a link on the Web page; means for redirecting the received client request to the Web server; 
means for scrubbing a Web page served by the Web server in response to the received client 
request, comprising: means for removing links to Web servers of devices for which the user does 
not have access rights; and means for replacing an address in the Web space that is not valid on 
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the public network with an address that is valid on the public network; and means for serving the 
scrubbed Web page to the client. 

Further, as per claim 40; "A computer program product [This claim is the embodied 
software claim for the method claim 12 above, and is rejected for the same reasons provided for 
the claim 12 rejection] that permits access to devices on a private network via a client on a public 
network, wherein each device includes a Web server having an address that is valid on the 
private network, but is not valid on the public network, the computer program product 
comprising a computer usable storage medium having computer readable program code 
embodied in the medium, the computer readable program code comprising: computer readable 
program code that ascertains rights of a user to access one or more devices on the private 
network; computer readable program code that serves a Web page to the client that identifies 
each device on the private network for which the user has access rights, wherein the Web page 
includes a link to a Web server of each device on the private network for which the user has 
access rights, wherein each link to a Web server includes a uniform resource locator (URL) for a 
gateway on the private network that is valid on the public network and an identification of a 
gateway port that is mapped to a respective Web server, and wherein each link is configured to 
send a request to a respective Web server via the gateway system at. an identified gateway port; 
computer readable program code that receives a request fi-om the client to access a Web server of 
a device on the private network in response to user activation of a Hnk on the Web page; 
computer readable program code that redirects to received client request to the Web server; 
computer readable program code that scrubs a Web page served by the Web server in response to 
the received client request, comprising: computer readable program code that removes links to 



Application/Control Number: 09/874,802 Page 20 

Art Unit: 2136 

Web servers of devices for which the user does not have access rights; and computer readable 
program code that replaces an address in the Web page that is not valid on the public network 
with an address that is valid on the public network; and computer readable program code that 
serves the scrubbed Web page to the client. 

16. Claim 13 additionally recites tho Hmitation that; "The method according to Claim 12, 
further comprising the step of accepting a user log-in request from the client prior to ascertaining 
rights of the user, wherein the user log-in request includes an identification of the user.". The 
teachings of Raanan et al suggest such limitations (col. l^hnes 30-col. 10,line 18, whereas the use 
of a firewall/gateway to determine authorized and allowable actions by the client (i.e., col. 
2,lines 39-col. 3,line 23, col. 4,lines 65-col. 5,line 29,61-67, col 7,lines 19-25), are broadly 
interpreted to encompass the "accepting a user log-in request . . . prior to ascertaining rights of 
the user, . . . includes an identification of the user" hmitation.); 

Further, claim 27 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus fiinction claim for the method claim 13 above, and is rejected for 
the same reasons provided for the claim 13 rejection] according to Claim 26, further comprising 
means for accepting a user log-in request from the client prior to ascertaining rights of the user, 
wherein the user log-in request includes an identification of the user."; 

Further, claim 41 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 13 above, and is rejected for the 
same reasons provided for the claim 13 rejection] according to Claim 40, further comprising 
computer readable program code that accepts a user log-in request from the client prior to 
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ascertaining rights of the user, wherein the user log-in request includes an identification of the 

user". 

17. Claim 14 additionally recites the limitation that; "The method according to Claim 12, 
wherein the step of serving a Web page to the client comprises: scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports; mapping each 
identified Web server to a respective gateway port; and creating a Web page that contains a 
respective link to each gateway port for each device for which the to user has access rights.". The 
teachings of Raanan et.al suggest such Umitations (coL l,Hnes 30-col 10,line 18, whereas the use 
of a firewall/gateway to determine authorized and allowable actions by the client (i.e., col. 
2,lines 39-col. 3,line 23, col. 4,lines 65-col. 5,line 29,61-67, col. 7,lines 19-25), are broadly 
interpreted to encompass the "mapping ... to a respective gateway port; . . . creating a Web page 
. . . link to each gateway port . . . device for which the to user has access rights" limitation, and the 
extraction/robot module translation of addressing (i.e., URL, IP level addressing) protocol 
information (i.e., col. 3, lines 53-col. 4,line 33, col. 5,Unes 60-col. 6,line 59, col 7,lines 5-8, coL 
8,lines 64-col. 9,linel8) are broadly interpreted to encompass the "scanning a range of private 
network addresses to identify Web servers listening on one or more selected ports" limitation.); 

Further, claim 28 additionally recites the limitation that; "The gateway system [This 
claim is the system mean plus function claim for the method claim 14 above, and is rejected for 
the same reasons provided for the claim 14 rejection] according to Claim 26, wherein the means 
for serving a Web page to the client comprises: means for scanning a range of private network 
addresses to identify Web servers listening on one or more selected ports; means for mapping 
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each identified Web server to a respective gateway system port; and means for creating a Web 
page that contains a respective link to each gateway system port for each device for which the 
user has access rights 

Further, claim 42 additionally recites the limitation that; "The computer program product 
[This claim is the embodied software claim for the method claim 14 above, and is rejected for the 
same reasons provided for the claim 14 rejection] according to Claim 40, wherein the computer 
readable program code that serves a Web page to the client comprises: computer readable 
program code that scars a range of private network addresses to identify Web servers listening on 
one or more selected ports; computer readable program code that maps each identified Web 
server to a respective gateway port; and computer readable program code that creates a Web 
page that contains a respective link to each gateway port for each device for which the user has 
access rights ". 

Conclusion 

18. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (703) 305-4276. The examiner 
can normally be reached Monday through Friday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax number for the organization 
where this application is assigned is 703-872-9306. 
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